Recent PostsN E W S . A R T I C L E S
« Platformic Web CMS Offers Integrated Social Media Modules | Main | LinkedIn Opens Platform for Devs »
Metasploit Expands Vulnerability Test Framework
November 19, 2009When it comes to IT security, is the best defense a good offense? That's the thinking behind the open source Metasploit vulnerability testing framework, which is out with its new 3.3 release this week, sporting new features for researchers to deliver payloads and test wireless, database and browser security.
While Metasploit could potentially be used as a malicious tool, its intent is all about verifying security and keeping vendors honest, according to project leader H D Moore.
"Metasploit is a great way to enforce the 'trust by verify' method of IT security management," Moore told InternetNews.com. "Often folks will install a patch, but forget to reboot the server or otherwise activate the fix. This can lead to machines showing as 'patched' in the sense that registry checks will return the correct information, but still being exploitable using a product like the Metasploit Framework."
Metasploit is an open source testing framework first developed by Moore in 2003. One of its hallmarks since at least the 3.0 release is its ability to evade detection by antivirus and intrusion-prevention systems. Again the focus for Moore isn't about being malicious, but about making sure that security systems actually work....
Source: Internetnews.com
